Macs not checking in Jamf Pro

D1anna
New Contributor

Hello,

We have a few devices that have not checked in to Jamf pro since 9/23/23. These are active devices. 

What are the reasons Macs stop check-in, and how to fix these issues? 

 

Thanks

16 REPLIES 16

jcarr
Release Candidate Programs Tester

Is it possible to try to check in manually?  If you have physical access to one of the devices, or can have the user run one or both of the following commands:

 

sudo /usr/local/bin/jamf policy

or

sudo /usr/local/bin/jamf recon

 

obi-k
Valued Contributor

What do you see when you open Terminal and enter: 

jamf checkJSSConnection
 
 

D1anna
New Contributor

JSS is available

 

obi-k
Valued Contributor

Try this on one of the Macs:

sudo profiles renew -type enrollment
or 
sudo jamf enroll -prompt

D1anna
New Contributor

What I do next after running the sudo profiles renew -type enrollment

 

Sorry I'm new to jamf 

obi-k
Valued Contributor

After you enter the admin password in Terminal, did you see any profile prompts? Might depend on what OS you're on.

Try going to System Preferences/Settings, Privacy and Security, Profiles. Find MDM profile. Does it ask you to install or accept?

D1anna
New Contributor

The profiles icon is greyed out. 

obi-k
Valued Contributor

Is this what you're seeing? https://discussions.apple.com/thread/253657493

Try to remove Jamf framework and then try to re-enroll to Jamf.

D1anna
New Contributor

I was not able to re-enroll in the device. 

 

 

D1anna
New Contributor

I don't see any profile prompt after running the enrollment command

obi-k
Valued Contributor

Back up the data, wipe, and re-provision?

D1anna
New Contributor

Yes, I was thinking of doing that. I tried to get other solutions before doing that, so I can try if this happens again. 

jcaleshire
New Contributor III

As obi-k and jcarr mentioned above, you can run 

 

sudo jamf checkJSSconnection

 

 to make sure that the Mac can contact your server,

 

sudo jamf recon

 

to have the Mac check-in and update inventory, and finally

 

sudo jamf policy

 

 to run any pending policies that are waiting for check-in.

If the Mac is unable to check-in, however, then you may be looking at some other problems. Since it sounds like only a handful of machines are exhibiting the issue, it's safe to say that it's not a server-side issue (again, probably). Assuming that the Mac is powered on and connected to a known-good network, but is still unable to check-in, the cause could be a few things:

  • The management profile has expired/is missing
  • Local endpoint protection software could be blocking MDM traffic
  • Broken Jamf agent on the Mac
  • Missing/expired identity certificate on the Mac

The best way to figure it out is to get your hands on one of the Macs with the problem and run a few terminal commands, then go from there.

When  I run  the sudo jamf recon I get :  Device Signature Error - A valid device signature is required to perform the action.

How can we check these? IT will give me an idea of what was causing this issue

  • The management profile has expired/is missing
  • Local endpoint protection software could be blocking MDM traffic
  • Broken Jamf agent on the Mac
  • Missing/expired identity certificate on the Mac

bhabibintercom
New Contributor

Try redeploy the Jamf management framework https://pro4tlzz.github.io/JamfHealComputer.html

 

The device will reenroll and trigger enrollment policies